As cloud computing has matured, the benefits it delivers to organisations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before. And cloud adoption shows no signs of slowing. Gartner earlier this year forecasted that the worldwide public cloud services market would grow 18 percent in 2017, and Forrester said global cloud services revenues totalled £100 billion in 2016, up from £50 billion just two years ago — that’s annual growth of 30 percent.
With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organisations across all industries, effective security in the cloud is paramount.
One way the cloud introduces new security risks to organisations is the underlying infrastructure that makes the cloud and cloud applications run, which consists of publicly exposed APIs. Why is that an important distinction? Because, essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications.
This level of exposure makes them a rich target for exploitation, and can introduce another dimension of security challenges for businesses, as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to. It’s often noted that attackers will take the path of least resistance, and employees – sometimes even those in IT organisations – will unwittingly help them, often by using lax identity practices.
There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behaviour opens the door to potential attackers. At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organisation, such as using a SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit.
And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice. Identity weakness can also open the door to full control of the API.
There’s no 100 percent ironclad way to prevent intrusion through exploiting identity, but you can slow them down. How? Through good identity hygiene. Some ways to implement this in your organisation include:
Multi-Factor Authentication: Time was, a password was the only necessary way to authenticate to a network or applications. That worked well for a while. Not anymore. Additional layers of defence are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens ensure tighter security.
Passphrases over Passwords: We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. Where a password is typically up to 10 letters, numbers and symbols, a passphrase, however, has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase. Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favourite Abba lyric, if that’s your thing.
Depreciate Expired Employee Accounts: Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee access the network.
Monitor Access Logs: It sounds like a no-brainer, but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.
The industry is currently making improvements in identity by implementing multi-context analysis strategies that include time of access, country of origin, host computer in use and other behavioural analyses to add weight to identity. For example, in his keynote at the AFCEA Defence Cyber Operations Symposium (DCOS), Lt. Gen. Alan Lynn, director of the Defence Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defence Information Network (JFHQ-DODIN), outlined how assured identity will be critical to cloud and network security and access.
Lynn said assured identity goes beyond traditional common access cards for authentication and access and leverages biometric authentication such as facial and voice recognition, fingerprint, eye scanning and gait; and behavioural authentication, including travel patterns, location by time, device handling, speech patterns and keystroke cadence.
“When you start getting all of that data…your identity score goes up and it will determine how much access you have to different portions of the network,” Lynn said. “So the future I see will be not only a network that’s mobile that you’re bringing devices into your building, but it will determine what’s your level of access based on the amount of identity that’s been provided to your device. That’s a future we’re currently working on.”
Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc. Integrated, rich, per-app analytics let you quickly understand your application’s performance and security posture so you can take immediate action if there is an anomaly. Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.